...ew of them. I'm looking for something like the "Search View matrix" in the User Guide of the Splunk Enterprise Security app, but with all the correlation searches in it.
Thanks
Miklos
Hello,
Can anyone tell me how I can retrieve the values of a correlationmatrix from Splunk web into a text file (name of the fields)?
After my correlationmatrix which will be give me the b...
Hi Community Members, does anyone know whether we can use Splunk Enterprise Security to map our correlation searches against MITRE Tactics and Techniques without installing more apps like MITRE D...
Is there a way to force a notable event in Splunk Enterprise Security to be critical? We have certain notables that are created that are only registered as a high and we want to force them to be cri...
Hello,
I am trying to create a correlation search that will detect users accessing devices for which they aren't authorized to use. For example, Vendor A should not be able to Access a specific f...
From my data below, I can see peaks in the CPU usage of a machine. I can add other fields to the graph and visually compare the shapes to see when the two fields cross-correlate, but how can I a...
I developed a search that is supposed to alert when a USB and an executable are activated, in order to see whether any malicious files are being uploaded onto a computer based on hostname.
My issue is.. when ...
...alware_Attacks")
| eval severity=if(like(action, "allowed"),"Critical","High")
If I run this search it gives me the expected results, but the correlation search still creates notable events as per the p...
Hey! We upgraded Splunk Enterprise Security to the latest version a few weeks ago. Before, it was on Version 4.x I believe. It was detecting events before we upgraded, and after the upgrade, no m...